
Tech··12 min
The New Prompt Injection Attack Surface: MCP, Tools, and Your Browser
Prompt injection is the SQL injection of the AI era, except worse. SQLi has a clean fix. Indirect prompt injection doesn't, because an LLM reads instructions and untrusted data through the same channel with no reliable way to tell them apart. OWASP ranks it the number one risk in AI applications, and the numbers back that up.
prompt-injectionai-securitymcp